Why security is a massive challenge in 2015, Ronan Murphy, Smarttech

2014 was a very exciting and productive year for Smarttech. The company opened a new state of the art security operation centre (SOC) in Cork. The facility provides real time security monitoring for enterprise clients in Ireland and the UK. Although overall it has been a very challenging year for the global cybersecurity industry. SSL the primary protocol for communicating over networks and the public internet was effectively hacked twice with zero day vulnerabilities called Heartbleed and Poodle in addition to a 20 year old vulnerability called shellshock being discovered.

Anything you would have done differently?

The two things I would have done differently were:

1. Write more blogs
2. Spend more time emphasising the importance of cyber awareness training to our customers.
(This discussion really only hits home after a serious cyber breach)

Goals for 2015?

2015 has already been a very exciting and successful year. The primary goal is to increase the number of clients that we are providing enterprise security solutions too. We are expecting significant growth in the UK and mainland Europe too.

What are the pro’s of being based in Cork?

Although our Security Operation centre is based in Cork we have offices in Dublin and London too. I only spend about 20% of my time in Cork with most of my time in Dublin or the UK. Cork is a great location and the city has now been recognised as a technology Cluster. In particular in the area of security with MNC’s like Trend Micro, IBM, McAfee, Dell, Solar Winds, Malwarebytes all having offices based in Cork. In addition I have also recently been elected as chairman of the board for [email protected] the industry representative body in the region.

What new threats does you anticipate over the next few months?

We are starting to see a big increase in the amount of companies being targeted by spear phishing attempts through email and social media. The threat landscape is becoming very sophisticated and the traditional antivirus and firewalls are struggling to keep pace. Although spam protectors are excellent we are seeing targeted attempts getting past perimeter security by techniques like snowshoe spamming which distributes the spam load over more servers to get past organisation defences.

What is the oldest OS you recommend using? The Civil service still use Windows XP, which is no longer supported.

This is easy. Using an OS that isn’t being supported by the vendor has a high possibility of being exploited. Although we regularly come across organisations using a supported OS but not installing the regular patch updates. The moral of the story is that patching is critically important.

What tips would you give to make sure data and emails are secure? This relates to GCHQ etc spying on emails etc.

The only way to ensure complete privacy on data travelling over the internet is encryption. Although you have to ask the question if GCHQ really wanted to access your data from externally would you be able to stop them ?

(The reality is probably no.)

After the recent revelations about FREAK attack what would you recommend to ensure encryption is safe?

FREAK is a zero day vulnerability so again a big challenge for the industry. Its important that people upgrade their software with the various patches released by the vendors. The newest version of Chrome & Firefox have been patched to protect against this vulnerability. There will be fixes for all the browsers in a few days, but really, why take a chance of having your ID and passwords cracked?

If you have a limited security budget what would you recommend to maximise your security?

One word “Training”…

People are the weakest link in the security posture of any business and no matter how much money an organisation spends on products and services if the users are not demonstrating awareness then a breach is inevitable.

What Cybersecurity horror stories will make us change how we handle data and security?

We have seen a large number of serious breaches over the last the 24 months and the horror stories are in the headlines nearly every week. Therefore I think the message is very clear now for organisations.